RiskSense Cloud Service Protects Against Cyber Threats and Vulnerabilities Ahead of Midterm ElectionsOctober 15, 2018
RiskSense, Inc., pioneering risk-based vulnerability prioritization and management, today announced its AI-Assisted Pen Testing Service called Attack Surface Validation for Election Systems which provides complete visibility and prioritization of security vulnerabilities that enables any district to remediate problems before the midterms. Immediate findings are delivered through the RiskSense cloud-service and cover the assessment of a district’s entire voting ecosystem, including devices, applications, databases, networks, etc., for vulnerabilities, missing patches, misconfigurations, and more. RiskSense allows resource and security expert-constrained districts to know what to urgently fix, and receive validation that remediation actions were successful.
"I am not a security expert, but I knew it was important to assess the security of the technology and processes used in my district," said the New Mexico Secretary of State. "The priorities and prescriptive actions provided to our IT staff by RiskSense allowed us to prepare and remediate quickly as findings came to light with the specialized attack scenarios. We have the results to share amongst our constituents that our district will not be idle nor let our community be vulnerable to tampering."
Most states and counties still rely on a complex, decentralized and aging election infrastructure. With limited resources and varying levels of cybersecurity expertise, many struggle to stay ahead of the increasing threat of unauthorized access, compromise and cyberattacks. They also lack sufficient experience or funding to adequately assess their potential exposure, and keep up with the threat intelligence and exploits that may be targeting their systems. RiskSense Attack Surface Validation for Election Systems addresses these challenges with a modern approach that delivers findings as they are encountered within the cloud platform.
"While internet-connected systems used for online voter registration and election night reporting have a significant attack surface, an end-to-end assessment of election systems is needed to understand which vulnerabilities truly matter," said Srinivas Mukkamala, CEO of RiskSense. "RiskSense looks at the security of the entire election ecosystem, including management, infrastructure, voter registration systems, poll books, vote tabulation, publishing systems, and more, to establish vulnerability priorities, and validate and measure the effectiveness of remediation actions."
RiskSense Attack Surface Validation for Election Systems is comprised of the following five phases:
- Passive Reconnaissance: Obtains a comprehensive fingerprint of the client’s test systems through passive reconnaissance. Reconnaissance is used to identify intelligence attackers can collect through passive means, without triggering alerts from security monitoring solutions.
- Attack Surface Enumeration: Enumerates the sum of an organization’s security risk exposure.
- Automated Scanning: Uses leading network vulnerability scanners to test a targeted network for critical vulnerabilities.
- Penetration Testing: Attempts to validate the discovered vulnerabilities manually to determine possible methods of network compromise and/or access to sensitive data. RiskSense uses multiple post-exploitation techniques to properly demonstrate the nature and potential consequences of a breach.
- Reporting: Collects all evidence in the form of screenshots, requests, responses, and commands issued during all phases of the assessment. Provides results with details of the exploited vulnerabilities, their severity and recommendations for remediation.
RiskSense Attack Surface Validation for Election Systems is available immediately. Pricing is based on number of monitored assets.